This file lists the major changes made between Owl releases. While
some of the changes listed here may also be made to a stable branch,
the complete lists of stable branch changes are included with those
branches and as errata for the corresponding Owl releases only.
This is very far from an exhaustive list of changes. Small changes to individual packages won't be mentioned here unless they fix a security or a critical reliability problem. They are, however, mentioned in change logs for the packages themselves.
Changes made between Owl 1.0 and Owl 1.1.
2003/12/19 kernel Updated to Linux 2.4.23-ow2.
2003/12/12 - 2003/12/16 Package: lftp SECURITY FIX Severity: high, remote, passive
Updated to 2.6.10 fixing a buffer overflow vulnerability in the HTTP
directory listing parsing code discovered by Ulf Harnhammar. The
vulnerability could allow a malicious HTTP server to execute arbitrary
code on the client system. Additionally, a patch by Nalin Dahyabhai
of Red Hat needed to handle malformed HTTP server responses gracefully
has been added.
Reference:
2003/12/08 Package: glibc Sanity check the forward and backward chunk pointers in the unlink() macro used by Doug Lea's implementation of malloc(3). If the pointers are determined to have been overwritten, the process will be forced to terminate thereby reducing the impact of a common class of attacks on memory overwrite vulnerabilities present in various applications. Credit for the idea for this countermeasure is due to Stefan Esser.
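The check described in the glibc entry above, as an added example that is not code from glibc or from the Owl patch: a free-list unlink that verifies both neighbours still point back at the chunk before performing any store. The struct layout and the names list_insert, checked_unlink and demo are assumptions made for illustration, and an error code is returned where the glibc change terminates the process.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified free-chunk header (illustrative layout, not glibc's). */
struct chunk {
    size_t size;
    struct chunk *fd;   /* next chunk on the free list */
    struct chunk *bk;   /* previous chunk on the free list */
};

/* Insert c right after head in a circular doubly linked free list. */
static void list_insert(struct chunk *head, struct chunk *c)
{
    c->fd = head->fd;
    c->bk = head;
    head->fd->bk = c;
    head->fd = c;
}

/*
 * Unlink p only if both neighbours still point back at it.
 * Returns 0 on success, -1 if fd/bk have been overwritten. The glibc
 * change terminates the process here; this example returns an error
 * code instead so that the caller can observe the result.
 */
static int checked_unlink(struct chunk *p)
{
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;              /* list corrupted: perform no stores */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Constructed scenario: returns 1 if an intact chunk unlinks cleanly
 * and a chunk with overwritten pointers is rejected without any write. */
static int demo(void)
{
    struct chunk head = { 0, &head, &head };
    struct chunk a = { 32, NULL, NULL }, b = { 48, NULL, NULL };
    struct chunk stray1 = { 0, &stray1, &stray1 };
    struct chunk stray2 = { 0, &stray2, &stray2 };

    list_insert(&head, &a);
    list_insert(&head, &b);     /* list: head <-> b <-> a <-> head */
    if (checked_unlink(&a) != 0 || head.fd != &b || head.bk != &b)
        return 0;
    /* Simulate a memory overwrite clobbering b's list pointers. */
    b.fd = &stray1;
    b.bk = &stray2;
    if (checked_unlink(&b) != -1)
        return 0;
    /* An unchecked unlink would have stored into stray1 and stray2. */
    return stray1.bk == &stray1 && stray2.fd == &stray2;
}

int main(void)
{
    puts(demo() ? "corrupted chunk rejected" : "unexpected result");
    return 0;
}
```

The same test also rejects a second unlink of an already removed chunk, because the former neighbours no longer point back at it.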
2003/11/29 kernel SECURITY FIX Severity: high, local, active
Updated to Linux 2.4.23-ow1. Linux 2.4.23 includes a fix to a
vulnerability in the brk(2) system call discovered by Andrew Morton
which allowed user-space processes to access the kernel's data
structures and thus gain root access. Linux 2.2.x kernels are not
affected. The Linux 2.4.22-ow1 kernel image used in Owl-current ISO
images and CDs dated 2003/10/20 through 2003/11/03 did contain the
additional brk(2) fix and thus is not affected. However, that fix is
not a part of the published Linux 2.4.22-ow1 source code patch meaning
that custom builds of Linux 2.4.22-ow1 are affected and need to be
upgraded to 2.4.23-ow1. Additionally, this update of the kernel patch
makes the reporting of returns onto stack more verbose and makes the
kernel retry attempts to open the root filesystem device if the first
attempt fails.
Reference:
2003/11/29 Package: gnupg SECURITY FIX Severity: medium, remote, passive
Added a patch by David Shaw to disable the ability to create
signatures using the ElGamal sign+encrypt (type 20) keys as well as to
remove the option to create such keys.
Reference:
2003/11/22 Package: iproute2 SECURITY FIX Severity: low, local, passive
Added a patch from Herbert Xu of Debian to prevent a local denial of
service attack on iproute2 utilities via spoofed Netlink messages.
Reference:
2003/11/06 Package: openssl Updated to 0.9.6l. The added bug fix is believed to be not security related on Linux.
2003/10/26 Packages: nmap, owl-etc Added a reduced version of the drop privileges patch from ALT Linux. Nmap, when run as root, will now switch to pseudo-user nmap retaining only raw socket access (CAP_NET_RAW) and, if option -n is given, also chroot to /var/empty.
2003/10/26 Packages: libcap, vsftpd New package: libcap, a library for dealing with POSIX.1e capabilities. vsftpd has been updated to 1.2.1pre1 and now uses libcap.
2003/10/24 Packages: owl-cdrom, openssh; Owl/build/{installworld.{sh,conf},installorder.conf} Support special installs for Owl bootable CDs with "MAKE_CDROM=yes" in installworld.conf.
2003/10/20 kernel; Package: owl-cdrom Updated to Linux 2.4.22-ow1.
2003/10/18 Package: libnids SECURITY FIX Severity: none to high, remote, active
Updated to 1.18 which fixes incorrect buffer memory reallocation (and
thus a possible buffer overflow) in TCP stream reassembly which may be
remotely exploitable into arbitrary code execution. This does not
affect applications that are currently a part of Owl (scanlogd does
not use libnids' TCP stream reassembly capability), but a number of
other applications such as those in dsniff toolkit are affected. The
vulnerability has been discovered by Robert Watson.
Reference:
2003/10/12 - 2003/10/17 Packages: iproute2, iputils Updated iproute2 to snapshot ss020116, iputils to ss020927, and corrected builds with Linux 2.4.22+.
2003/10/11 Package: nmap Updated to 3.48 which adds service version detection.
2003/10/01 Package: openssl SECURITY FIX Severity: low, remote, active
Updated to 0.9.6k. This version corrects an out of bounds read in
ASN.1 parsing code, a crash in the public key verification code if it
is set to ignore decoding errors (which is normally done for debugging
purposes only), and an SSL/TLS protocol handling error which would
cause the server to parse a supplied client certificate even if one
wasn't requested. The problems were discovered due to NISCC's SSL/TLS
test suite.
References:
2003/09/29 Package: raidtools New package: tools for creating and maintaining software RAID devices.
2003/09/17 Package: openssh SECURITY FIX Severity: medium, remote, active
Multiple memory management errors have been discovered in OpenSSH, and
this update corrects 6 such real or potential errors based on an
exhaustive review of the OpenSSH source code for uses of *realloc()
functions. At this time, it is uncertain whether and which of these
bugs are exploitable. If exploits are possible, due to privilege
separation, the worst direct impact should be limited to arbitrary
code execution under the sshd pseudo-user account restricted within
the chroot jail /var/empty, or under the logged in user account.
Reference:
2003/08/24 - 2003/09/15 Package: john Added an event logging framework.
2003/09/09 - 2003/09/14 Packages: dhcp, owl-etc New package: the ISC Dynamic Host Configuration Protocol (DHCP) distribution. The DHCP server and relay programs have been modified to run with reduced privileges and are now a part of Owl. The DHCP client is not officially a part of Owl yet and it is not built with Owl by default.
2003/08/25 - 2003/09/12 Package: xinetd Updated to 2.3.12.
2003/08/20 - 2003/08/22 Packages: iptables, ipchains New package: iptables, tools for managing Netfilter/iptables packet filtering rules with Linux 2.4.x kernels.
2003/08/02 - 2003/08/10 Packages: glibc, pam, sysklogd LFS (Large File Support) corrections to glibc on SPARC, pam_limits, and syslogd. LFS will only work when Owl userland is built against Linux 2.4.x kernel headers and a Linux 2.4.x kernel is booted.
2003/07/25 Packages: prtconf, owl-dev New package: prtconf, utilities to dump and modify SPARC OpenPROM.
2003/07/22 Package: pam SECURITY FIX Severity: none to medium, local, active Patched pam_wheel to never rely on getlogin(3), even if use_uid is not specified. The default /etc/pam.d/su on Owl doesn't use pam_wheel, and, after "control su wheel", uses it with use_uid. This change was only needed to make other local configurations with pam_wheel safe.
2003/07/21 Package: openssh SECURITY FIX Severity: none to medium, local, active
VerifyReverseMapping is now deprecated and replaced with a new option,
UseDNS, which is enabled by default. This should solve the client
address restriction circumvention attack discovered by Mike Harding.
Reference:
2003/07/04 Package: perl RELIABILITY FIX: Corrected the Perl getpwent() to not rely on getspent(3) returning entries in the same order as getpwent(3) does; this actually makes a difference with /etc/tcb and likely with non-files password databases.
2003/06/12 Package: stmpclean RELIABILITY FIX: Updated to 0.3 which will refuse to run on relative pathnames. The previous version would interpret relative pathnames in a way most people wouldn't expect potentially removing files outside of the intended directory trees.
2003/06/02 Packages: nmap, libpcap New package: Nmap, a network exploration tool and security scanner.
2003/06/02 Package: openssh Updated to 3.6.1p2. When we know we're going to fail authentication for reasons external to PAM, pass there a hopefully incorrect password to have it behave the same for correct and incorrect passwords.
2003/06/02 Package: lftp Updated to 2.6.6.
2003/05/23 - 2003/05/29 Packages: owl-etc, glibc, SimplePAMApps, openssh, owl-setup, shadow-utils, rpm; Owl/build/installorder.conf tcb is now the default password shadowing scheme and, when updating existing installs, automatic conversion to tcb is attempted.
2003/05/11 - 2003/05/15 Package: gnupg SECURITY FIX Severity: medium, remote, passive
Updated to 1.2.2, fixing the key validity bug.
References:
2003/05/05 Package: acct Support /dev/pts in lastcomm(1).
2003/04/27 - 2003/05/01 Package: cvs New package: a version control system. This is CVS 1.11.5 with many corrections.
2003/04/27 Packages: msulogin, SysVinit, owl-startup New package: msulogin, our implementation of sulogin(8) with support for having multiple root accounts on a system.
2003/04/23 Package: SysVinit Updated to 2.85 which includes most of our old patches plus quite a few from ALT Linux, including to make wall(1) not trust utmp contents more than it has to (this prevents a group utmp -> root attack). Added more patches from ALT and Red Hat Linux, including for alternate program executable matching in start-stop-daemon and pidof(8) such that processes may be located even after their executables could have been unlinked. This should make no difference for packages in Owl, but may help lame third-party packages which attempt to stop their daemon processes after having replaced the programs on disk.
2003/04/17 - 2003/04/18 Packages: tcb, openssh, popa3d, screen, shadow-utils, SimplePAMApps, vsftpd pam_tcb now implements proper fake salt creation for non-existent or password-less accounts to reduce timing leaks. OpenSSH will now run PAM with password authentication even for non-existent or not allowed usernames.
2003/04/17 Packages: console-tools, kbd, man-pages, owl-setup console-tools has been replaced with kbd.
2003/04/16 Package: xinetd Updated to 2.3.11.
2003/04/15 Package: SimplePAMApps Imported ALT Linux patches, most importantly replacing command line parsing in su(1) such that it will better match the behavior of other implementations.
2003/04/14 Package: util-linux Updated to 2.11z.
2003/04/12 Packages: pam_userpass, openssh, popa3d, screen, shadow-utils, vsftpd; Owl/build/installorder.conf Moved the common pam_userpass PAM conversation function into a library, libpam_userpass (both shared and static versions are built). This is due to work by Dmitry V. Levin of ALT Linux.
2003/04/12 Package: openssl SECURITY FIX Severity: medium, remote, active
Updated to 0.9.6j which adds two security fixes. One of the fixes is
to enable RSA blinding (a technique to avoid information leaks via
timing with RSA encryption), without an application having to request
it explicitly, despite the small performance impact this has. The
other is to prevent the Klima-Pokorny-Rosa attack on RSA in SSL/TLS.
References:
2003/04/08 Package: openssh Updated to 3.6.1p1.
2003/04/02 Package: mktemp Updated to 1.5.
2003/03/26 Package: mutt SECURITY FIX Severity: high, remote, passive
Updated to 1.4.1. This version fixes a buffer overflow vulnerability
in Mutt's IMAP client code which could result in arbitrary code
execution if Mutt is used to connect to a malicious or spoofed IMAP
server. The vulnerability has been discovered by Diego Kelyacoubian,
Javier Kohen, Alberto Solino, and Juan Vera of Core Security
Technologies, and fixed by Edmund Grimley Evans.
References:
2003/03/23 Package: glibc SECURITY FIX Severity: none to high, remote, active
Included Red Hat's back-port of the Sun RPC XDR integer overflow
fixes from glibc CVS. The fixes are by Paul Eggert and Roland
McGrath, and the xdrmem_getbytes() integer overflow has been
discovered by Riley Hassell of eEye Digital Security. Please note
that Owl does not include any RPC services (but it does include a few
RPC clients). It has not been fully researched whether an Owl install
with no third-party software added is affected by this vulnerability
at all.
References:
2003/03/20 kernel SECURITY FIX Severity: low to high, local/remote, active/passive
Updated to Linux 2.2.25-ow1. Linux 2.2.25 fixes the kmod/ptrace race
condition vulnerability discovered by Andrzej Szombierski. The
vulnerability could result in a local root compromise if the kernel is
built with support for auto-loading modules (CONFIG_KMOD) and the path
to a module loader program is specified in /proc/sys/kernel/modprobe.
It is recommended that you not enable or use kmod, for both security
and reliability reasons. The kernels used on Owl CDs have never been
built with support for kmod. Owl startup scripts, unlike those used
on some other distributions, don't set up a path to modprobe with the
kernel. This version of the kernel also corrects "Etherleak" issues
with a number of Ethernet drivers (a common class of vulnerabilities
publicized by Ofir Arkin and Josh Anderson of @stake) and a local DoS
vulnerability with mmap(2) of /proc/<pid>/mem files discovered by
Michal Zalewski of BindView. Linux 2.2.25-ow1 patch makes the added
RLIMIT_NPROC enforcement also work for 32-bit syscalls on sparc64
(thanks to Brad Spengler for noticing that this was missing).
References:
2003/03/16 Package: man
Updated to 1.5l. This version fixes a bug discovered by Jack Lloyd
where a specially crafted man page would result in an attempt to
execute a program named "unsafe". This is only a security issue if
untrusted directories are present in $PATH, which should not be the
case.
References:
2003/03/15 Package: vim
Updated to 6.1 patchlevel 386. This includes a fix for Georgi
Guninski's discovery of a particular way to abuse vim's modelines to
execute arbitrary shell commands from a specially crafted text file
when it is loaded into vim and to bypass vim's restricted mode. Note
that vim's modelines have always been disabled on Owl by default (with
a setting in /usr/share/vim/vimrc) and even this fix is no guarantee
modelines will be safe to use or the restricted mode safe to rely upon
in the future.
References:
2003/03/02 - 2003/03/10 Package: popa3d Rate-limit the "sessions limit reached" log message similarly to the per-source one; spotted by Michael Tokarev. Ensure proper logging of abnormally terminated sessions: distinguish server failures from external modification to the mailbox by other instances of popa3d or other MUAs. Previously, if external mailbox modification would occur during processing of a RETR command, popa3d could improperly log a "server failure" (0.6) or even a "premature disconnect" (older versions). Added the -V option to print out version information. Started maintaining a non-package-specific popa3d change log due to popular demand, added a separate file with contact information.
2003/03/07 Package: file SECURITY FIX Severity: medium to high, local, passive Updated to 3.41, which fixes a buffer overflow vulnerability in file(1). The overflow could be triggered by an invalid ELF binary and, with a specially-crafted fake ELF binary, would result in execution of arbitrary code.
2003/02/25 Package: zlib Corrected a potential buffer overflow in gzprintf(), thanks to Bugtraq postings by Crazy Einstein, Richard Kettlewell, and Carlo Marcelo Arenas Belon.
2003/02/24 Package: libutempter Updated to 1.1.1 for a signal handling fix.
2003/02/20 Package: openssl SECURITY FIX Severity: medium, remote, passive
Updated to 0.9.6i. This version adds a security fix to minimize
information leaks via timing, by performing a MAC computation even if
incorrect block cipher padding has been found. The leaks could be
triggered and exploited in a man-in-the-middle attack, where the
attacker has to play an active role, yet relies on many actions and
properties of the SSL/TLS client to succeed. This weakness will be
demonstrated in an upcoming paper by Brice Canvel (EPFL), Alain
Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,
Ilion).
References:
2003/02/20 Package: popa3d Approached another stable release, 0.6. The recent changes are limited to minor bug fixes (documented in the package change log), so this release is of more importance to uses on non-Owl.
2003/01/20 Package: mutt New package: a feature-rich text-based mail user agent. Our initial package is based on Mutt 1.4i with many temporary file handling fixes.
2003/01/18 Package: xinetd Updated to 2.3.10.
2003/01/10 - 2003/01/17 Package: dialog Updated to 0.9b-20020814 with a patch needed for RSBAC administration tools. Corrected unsafe temporary file handling in the samples.
2003/01/17 Packages: utempter, libutempter, rpm, screen Red Hat's utempter has been replaced with ALT Linux's libutempter package, which features an improved API while still supporting the old one for compatibility. rpm has been enhanced to support symbol versioning with automatic dependencies on libraries other than glibc (packages which depend on libutempter's new API will use this), and screen switched to the new API.
2003/01/12 Package: diffstat Updated to 1.32.
2003/01/08 Package: owl-control Added control(8) and control-dump(8) manual pages.
2003/01/07 Package: hdparm Updated to 5.3.
2002/12/29 Package: nc New package: ported netcat from OpenBSD (post-3.2). netcat (nc) is a simple utility for reading and writing data across network, using TCP or UDP.
2002/12/19 Packages: tcp_wrappers, openssh, xinetd Handle error conditions with tcp_wrappers' table matching, patch from Steve Grubb.
2002/12/17 Package: rpm Added rpminit(1), a script to set up a set of private directories for building RPM packages as the current user. Changed the default rpmrc to use more optimal flags for our gcc (note that builds of Owl itself use a different set of optimization flags anyway).
2002/12/14 Package: libnids Updated to 1.17.
2002/12/12 Package: openssl Updated to 0.9.6h.
2002/12/09 kernel Updated to Linux 2.2.23-ow1.
2002/12/05 Owl/doc/TODO New file: a public Owl TODO list. Its primary purpose is to give some ideas of how one may contribute to Owl development.
2002/10/24 - 2002/12/01 Package: owl-startup Set net.ipv4.icmp_echo_ignore_broadcasts = 1 to prevent the use of Owl boxes for "smurf" attacks even when proper packet filters aren't in place (suggested by Steve Olszewski). Set net.ipv4.tcp_syncookies = 1 to defeat SYN flood attacks. Documented (in /etc/sysctl.conf) the security risk of having SYN cookies enabled with certain packet filter setups.
2002/11/27 kernel SECURITY FIX Severity: medium, local, active Updated to Linux 2.2.22-ow2 which improves the "lcall" DoS fix for the Linux kernel to cover the NT (Nested Task) flag attack discovered by Christophe Devine.
2002/11/08 Package: glibc RELIABILITY FIX: Made the x86 assembly code implementing bcrypt password hashing reentrant (this time for real), made it more careful about overwriting sensitive data. At the same time, the default /etc/nsswitch.conf file has been cleaned up and improved.
2002/11/07 Owl/doc/MIRRORING New file: instructions for those who would like to set up and maintain an Owl mirror, official or not.
2002/11/05 Package: hdparm Updated to 5.2.
2002/11/03 Packages: owl-control, iputils, openssh, postfix, shadow-utils, SimplePAMApps, traceroute, util-linux, vixie-cron Keep owl-control settings over package upgrades (and thus over "make installworld" runs as well). Some of the owl-control scripts updates have been imported back from ALT Linux.
2002/10/21 - 2002/10/24 Packages: shadow-utils, tcb Merged enhancements which remove the 32K users limit when /etc/tcb is in use, documented them in tcb(5) and login.defs(5) manual pages. Modified the tcb_chkpwd helper binary interface to support multiple users per UID (the username is now passed as well). Most of this was prepared by August but delayed until after Owl 1.0 release.
$Owl: Owl/doc/CHANGES-1.1,v 1.115 2018/05/23 19:32:15 solar Exp $